southseact-3d/shopify-ai-backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0860fc0028e9abacc17869e29b42d18241dfae3b
shopify-ai-backup/PLUGIN_VERIFIER_ENHANCEMENTS.md

9.9 KiB
Raw Blame History

Plugin Verification Scripts - Complete Implementation

Summary

Enhanced the plugin verification scripts to detect critical issues including:

  1. Component/UI Overlaps - CSS patterns that cause visual element overlap
  2. Early Function Calls - Functions called before they are defined
  3. Undefined Functions - Calls to functions that don't exist
  4. Undefined Arrays & Array Keys - Array accesses on potentially uninitialized variables

Changes Made

1. Enhanced check-duplicate-classes.php (PHP Static Analyzer)

New Features Added:

A. Undefined Function Detection

  • Tracks all function calls in PHP files
  • Compares against:
    • Internal PHP functions (extensive list)
    • WordPress/WooCommerce core functions
    • User-defined functions in the codebase
  • Reports undefined function calls with file and line number
  • Example: UNDEFINED FUNCTION: 'my_custom_func' called at admin/page.php:42

B. Early Function Call Detection

  • Tracks function definitions with line numbers
  • Detects when a function is called BEFORE it's defined in the same file
  • Helps catch function ordering issues that can cause "Call to undefined function" errors
  • Example: EARLY FUNCTION CALL: 'process_data' called at line 15 but defined at line 85 in includes/helper.php

C. Potential Undefined Array Detection

  • Tracks array access patterns: $array['key'] or $array[$key]
  • Tracks variable assignments for type inference
  • Warns when arrays are accessed without clear initialization
  • Suggests using isset() or !empty() checks
  • Example: POTENTIAL UNDEFINED ARRAY: '$options' accessed as array at functions.php:23

D. CSS Overlap Detection

  • Scans all CSS files in the plugin
  • Detects problematic CSS patterns:
    • Negative margins (margin-top: -15px - can pull elements into overlapping positions)
    • Absolute positioning without z-index (position: absolute without proper z-index)
    • Fixed positioning at z-index 0 (position: fixed; z-index: 0 - overlaps other elements)
    • Elements anchored to both top/bottom or left/right
  • Reports file, line number, and description of the issue
  • Example: POTENTIAL CSS OVERLAP in admin/css/admin.css:156

2. Enhanced validate-wordpress-plugin.sh (Bash Validator)

New Section 5.4: Runtime Error Detection

  • Calls the enhanced check-duplicate-classes.php analyzer
  • Parses and reports:
    • Undefined functions (as ERROR - red)
    • Early function calls (as ERROR - red)
    • Potential undefined arrays (as WARNING - yellow)
    • CSS overlaps (as WARNING - yellow)
  • Displays first 5 instances of each issue type

New Section 9: CSS & UI Overlap Detection

  • Separate CSS analysis section
  • Checks for:
    • Negative margins (common overlap cause)
    • Absolute positioning without z-index
    • Fixed positioning at z-index 0
  • Shows first 5 instances and notes if more exist
  • Reports as warnings (yellow)

Updated Section Numbering

  • Changed from [1/8] to [1/10] to reflect new sections
  • Updated all section headers to use consistent numbering

3. Updated README.md

Enhanced Documentation:

  • Updated check-duplicate-classes.php documentation with:
    • All new detection capabilities
    • CSS overlap detection patterns
    • Example output showing all new features
    • Updated options and exit codes

How It Works

Detection Logic

Undefined Functions

// Example code:
$result = some_undefined_function($data);

// Detection:
// 1. Parser tracks function calls: 'some_undefined_function' at line X
// 2. Checks if it's in internal PHP functions list: NO
// 3. Checks if it's in WP/WC functions list: NO
// 4. Checks if defined in codebase: NO
// 5. Reports: UNDEFINED FUNCTION at file:line X

Early Function Calls

// Example problematic code:
$result = my_function();  // Line 10

function my_function() {  // Line 50
    return "data";
}

// Detection:
// 1. Parser sees 'my_function' defined at line 50
// 2. Parser sees 'my_function' called at line 10
// 3. Reports: EARLY FUNCTION CALL - function called before definition

CSS Overlaps

/* Problematic CSS 1 - Negative Margin */
.button {
    margin-left: -15px;  /* Pulls element left into overlap */
}

/* Problematic CSS 2 - Absolute No Z-Index */
.modal {
    position: absolute;
    top: 50px;
    /* Missing z-index - may overlap other absolute elements */
}

/* Problematic CSS 3 - Fixed at Z-Index 0 */
.header {
    position: fixed;
    z-index: 0;  /* Overlaps page content at z-index 0 */
}

/* Detection for each case */

False Positive Handling

The implementation includes conservative checks to minimize false positives:

  • Skips keywords (if, while, for, etc.) in function detection
  • Checks both short names and fully-qualified names with namespaces
  • Only reports clear cases (call at least 2 lines before definition)
  • Limits CSS overlap reports to 5 instances per file

Usage Examples

Check a WordPress Plugin

# Run full validation with all checks
./scripts/validate-wordpress-plugin.sh /path/to/plugin

# Run just the PHP analyzer with verbose output
php scripts/check-duplicate-classes.php /path/to/plugin --verbose

# Run in strict mode (may have more false positives)
php scripts/check-duplicate-classes.php /path/to/plugin --strict

Example Output

========================================================
    STRICT WORDPRESS PLUGIN SECURITY & CODE AUDIT       
========================================================
Scanning: /path/to/plugin

[1/10] Checking for Dangerous/Forbidden Functions...
  ✓ No dangerous functions found

[2/10] Checking for SQL Injection Patterns...
  ✓ No SQL injection risks found

... (other checks)

[5.2/10] Checking for Duplicate Class/Function Declarations...
  ✓ No duplicate class declarations found

[5.4/10] Runtime Error Detection...
  ✗ UNDEFINED FUNCTIONS DETECTED
UNDEFINED FUNCTION: 'custom_helper_function' called at includes/helper.php:45
UNDEFINED FUNCTION: 'process_order_data' called at functions.php:112
  ✗ EARLY FUNCTION CALLS DETECTED
EARLY FUNCTION CALL: 'init_plugin' called at line 15 but defined at line 42 in plugin.php
  ⚠ POTENTIAL UNDEFINED ARRAYS
POTENTIAL UNDEFINED ARRAY: '$field_config' accessed as array at admin/class-admin.php:78
    This array may not be initialized before use.
    Consider using isset() or !empty() check before access.
  ⚠ POTENTIAL CSS OVERLAPS
POTENTIAL CSS OVERLAP in public/css/admin.css:156
    Reason: Negative margin (may cause overlap)
    Context: margin-left: -10px; position: relative;

[9/10] Checking CSS & UI for Overlap Issues...
  ⚠ CSS ISSUE in public/css/admin.css:156
    Negative margins detected (may cause overlap)
    margin-left: -10px; position: relative;
  ✓ No absolute positioning issues detected
  ✓ No fixed positioning issues detected

================================================================================
    AUDIT RESULTS                                       
================================================================================
FAIL: 2 Critical Security/Stability Issues Found.
(Plus 4 warnings requiring review)

Benefits

  1. Prevents Runtime Errors - Catches issues before deployment
  2. Improves UI Quality - Detects CSS overlap patterns that cause visual bugs
  3. Better Code Quality - Enforces proper function ordering and initialization
  4. Maintainability - Helps developers understand code dependencies
  5. Early Detection - Catches issues in CI/CD before they reach production

Limitations

The static analysis has some limitations:

  • Cannot fully track scope (functions/methods in different contexts)
  • May have false positives for dynamic function calls ($func())
  • CSS overlap detection is pattern-based (may miss complex overlap scenarios)
  • Cannot verify external dependencies (functions from other plugins/libraries)
  • Array key checks are conservative (suggests review rather than errors)

Best Practices for Developers

  1. Define Functions Before Use

    // Good
function helper() { return 'data'; }
echo helper();

// Bad
echo helper();  // May fail if not autoloaded
function helper() { return 'data'; }

  2. Initialize Arrays Before Access

    // Good
$options = [];
$options['key'] = 'value';

// Or check first
if (isset($options['key'])) {
    echo $options['key'];
}

// Bad
echo $options['key'];  // Undefined array

  3. Avoid CSS Overlaps

    /* Good - use proper z-index */
.modal {
    position: absolute;
    z-index: 1000;
    top: 50%;
    left: 50%;
    transform: translate(-50%, -50%);
}

/* Good - use flex/grid instead of negative margins */
.container {
    display: flex;
    gap: 1rem;
}

/* Bad - negative margins cause overlap */
.sidebar {
    margin-left: -15px;
}

CI/CD Integration

# Example GitHub Actions workflow
- name: Validate Plugin
  run: |
    ./scripts/validate-wordpress-plugin.sh ./plugin-dir
  continue-on-error: false

- name: Check for Runtime Issues
  run: |
    php scripts/check-duplicate-classes.php ./plugin-dir --verbose

Testing

To test the enhancements:

# Test on a real plugin
./scripts/validate-wordpress-plugin.sh /path/to/wordpress-plugin

# Test on a plugin with intentional issues
# Create a test plugin with:
# - Undefined function calls
# - Early function calls
# - Array access without initialization
# - CSS with negative margins
# Run validator and verify all issues are detected

Files Modified

  1. /scripts/check-duplicate-classes.php - Enhanced with 4 new detection types
  2. /scripts/validate-wordpress-plugin.sh - Added 2 new sections (5.4 and 9)
  3. /scripts/README.md - Updated documentation with new features

Backward Compatibility

All changes are backward compatible:

  • Existing checks remain unchanged
  • New checks are additive only
  • Exit codes maintain previous behavior
  • Output format is consistent with existing style
  • No breaking changes to script usage or parameters
Reference in New Issue View Git Blame Copy Permalink